Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

DNS Issues Resolved but Please Check My Logs

WeeShaSha

Posted 06 March 2018 - 07:36 AM

WeeShaSha

New Member

Member

2 posts

Ive battled some malware already this year on my kids pc and think I have it fixed. However, lately my dns was changing and reported by glasswire, Ive disabled 19v6 and set my dns to manual and all scans seem to be clear. Id like a second opinion please. Would someone be kind enough to check my attached frst and addition scans and advise. I dont know what some of those entries are. I am particularly concerned about a root kit as on boot up I see a quick flash of box in the corner of the pc and I dont recall it before. It may be normal but who knows.

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Error: (03/06/2018 06:09:01 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/06/2018 06:03:32 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/06/2018 06:03:01 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/06/2018 06:01:00 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/06/2018 06:01:00 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (03/06/2018 06:01:00 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/06/2018 06:00:59 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

System errors:
=============
Error: (03/06/2018 07:07:12 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{8FE1FF02-E8F5-460D-A73B-BF9C83E5894B} because another computer on the network has the same name. The server could not start.

Error: (03/06/2018 06:16:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Data Vault Wizard service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/06/2018 06:16:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Data Vault Wizard service to connect.

Error: (03/06/2018 06:14:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Data Vault Wizard service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Advertisements

WeeShaSha

Posted 07 March 2018 - 06:19 PM

Gary R

Posted 08 March 2018 - 02:15 AM

Gary R

Trusted Helper

Malware Removal

217 posts

By posting to your topic you remove it from the "Unreplied Topics" list that most helpers look at to see who needs help. A helper seeing a topic with replies will assume you're already being helped and will therefore look for another topic to get involved with.

Lucky for you I noticed that you'd replied to your own topic, or you might have gone unhelped.

I'm looking over your logs now, and that may take some time, depending on how much of it I need to research, so I'll get back to you once I've finished.